Search for vulnerabilities
Vulnerability details: VCID-qb3k-17vr-aaab
Vulnerability ID VCID-qb3k-17vr-aaab
Aliases CVE-2023-45360
Summary An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.
Status Published
Exploitability 0.5
Weighted Severity 4.9
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
System Score Found at
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00338 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00338 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00338 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00338 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00351 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.00375 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
epss 0.01275 https://api.first.org/data/v1/epss?cve=CVE-2023-45360
cvssv3 5.4 https://nvd.nist.gov/vuln/detail/CVE-2023-45360
cvssv3.1 5.4 https://nvd.nist.gov/vuln/detail/CVE-2023-45360
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45360.json
https://api.first.org/data/v1/epss?cve=CVE-2023-45360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45360
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45363
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY/
https://phabricator.wikimedia.org/T340221
2247803 https://bugzilla.redhat.com/show_bug.cgi?id=2247803
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.40.0:-:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.40.0:rc0:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediawiki:mediawiki:1.40.0:rc0:*:*:*:*:*:*
CVE-2023-45360 https://nvd.nist.gov/vuln/detail/CVE-2023-45360
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-45360
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-45360
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.21115
EPSS Score 0.00051
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.